On Thu, Feb 15, 2018 at 4:13 PM, Al Viro <v...@zeniv.linux.org.uk> wrote:
> Guess what happens to cache footprint of dcache lookups if the bunch in the
> beginning gets spread over the entire thing? Right... And that's besides the
> outright miscompiles.

Mentioned in private communication, but just for posterity:
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE exists specifically to address those
kinds of performance concerns.

As to removing the markings: please don't. Instead, you'd mentioned
wanting to add a TAINT flag for this, and I think that sounds entirely
reasonable. We have TAINT flags for considerably less insane things. :)
I can send that patch.

-Kees

--
Kees Cook
Pixel Security